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Amendments to the Claims : 

This listing of claims replaces all prior versions and listings of claims in the application. 

Listing of Claims : 

1 Claim 1. {Currently Amended) A method for transferring a first root key between a key 

2 provider system and a second other system via an information network comprising the steps of: 

3 a) encrypting the first root key using a first super-root key of the key provider system ; 

4 b) providing within the second other system a first secure module having a second 

5 super-root key within a read-only memory circuit thereof and provided with the first secure 

6 module, the second super-root key accessible only by program code being executed on a 

7 processor internal to the first secure module, and wherein the second super-root key is other than 

8 modifiable and other than accessible outside of the module; 

9 c) transferring the encrypted first root key from the key provider system to the second 

10 other system via the information network; 

11 d) providing the encrypted first root key to the processor internal to the first secure 

12 module of the second other system; and, 

13 e) executing program code on the processor internal to the first secure module to decrypt 

14 the encrypted first root key using the second super-root key stored within the read-only memory 

15 circuit of the first secure module and to store the decrypted first root key internally within a 

16 secure key memory location of the first secure module, wherein the first root key is useable for at 

17 least one of encrypting and decrypting private keys, and wherein a bit length of the first 

2 
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18 super-root key is greater than a bit length of the first root key, and said bit length of the first root 

19 key is greater than a bit length of any of said private keys. 



1 Claim 2. {Previously Presented) The method according to claim 1 wherein the processor 

2 internal to the module accesses the second super-root key only for decrypting encrypted root 

3 keys, wherein the decrypted root keys are then stored within the module inaccessible outside the 

4 secure module. 



1 Claim 3. {Original) The method according to claim 2 wherein the step (a) is performed in 

2 a corresponding secure module. 

1 Claim 4. {Previously Presented) The method according to claim 3 wherein the processor 

2 internal to the module accesses the second super-root key only in response to a request from a 

3 corresponding secure module. 

1 Claim 5. {Previously Presented) The method according to claim 4 wherein the second 

2 super-root key and the first super-root key are the private and public portions of an asymmetric 

3 private/public-key pair, respectively. 
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1 Claim 6. (Previously Presented) The method according to claim 4 wherein the second 

2 super-root key and the first super-root key are a same private key for use with a symmetric 

3 key-based encryption algorithm. 



1 Claim 7. (Previously Presented) The method according to claim 6 comprising the 

2 additional step prior to step a) of: 

3 al) generating a first root key within a key-generating processor internal to the key 

4 provider system. 

1 Claim 8. (Original) The method according to claim 7 wherein the key-generating 

2 processor is embodied on the corresponding secure module. 

1 Claim 9. (Currently Amended) The method according to claim 6 wherein the first root 

2 key is useable for at least one of encrypting and decrypting private encryption keys. 

1 Claim 10. (Currently Amended) A method for transferring a first root key between a key 

2 provider system and a second other system via an information network comprising the steps of: 

3 a) encrypting the first root key using a first super-root key of the key provider system ; 
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b) providing within the second other system a first secure module having second and 



5 third super-root keys within a memory circuit thereof, the second and third super-root keys 

6 accessible only by program code being executed on a processor internal to the first secure 

7 module for decrypting encrypted root keys and for storing the decrypted root keys within a 

8 memory circuit of the first secure module, and wherein the second and third super-root keys are 

9 other than accessible outside of the module; 

10 c) transferring the encrypted first root key from the key provider system to the second 

1 1 other system via the information network; 

12 d) providing the encrypted first root key to the processor internal to the first secure 

13 module of the second other system; and, 

14 e) executing program code on the processor internal to the first secure module to decrypt 

15 the encrypted first root key using the second super-root key stored within the memory circuit of 

16 the first secure module and to store the decrypted first root key internally within a secure key 

17 memory location of the first secure module, wherein the first root key is useable for at least one 

18 of encrypting and decrypting private keys, and wherein a bit length of the first super-root key is 

19 greater than a bit length of the first root key, and said bit length of the first root key is greater 

20 than a bit length of any of said private keys. 
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1 Claim 11. {Previously Presented) A method for transferring a first root key between a 

2 key provider system and a second other system via an information network according to claim 10 

3 comprising the steps of: 

4 f) encrypting a fourth super-root key using one of the third super-root key and a key 

5 corresponding to the third super-root key; 

6 g) transferring the encrypted fourth super-root key from the key provider system to the 

7 second other system via the information network; 

8 h) providing the encrypted fourth super-root key to the processor internal to the first 

9 secure module of the second other system; and, 

10 i) executing program code on the processor internal to the first secure module to decrypt 

11 the encrypted fourth super-root key using the third super-root key stored within the memory 

12 circuit of the first secure module and to store the decrypted fourth super-root key within the 

13 memory circuit of the first secure module at a location corresponding approximately to the 

14 location where the second super-root key was stored. 

1 Claim 12. {Previously Presented) The method according to claim 11 wherein the second 

2 and third super-root keys are only replaceable through use of another of the second and third 

3 super-root keys. 
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1 Claim 13. {Previously Presented) The method according to claim 12 wherein the second, 

2 third and fourth super-root keys are useable for at least one of encrypting and decrypting root 

3 keys. 



1 Claim 14. {Previously Presented) The method according to claim 11 wherein the step of 

2 storing the decrypted fourth super-root key comprises the steps of: 

3 il) erasing the second super-root key from a first storage area of the memory circuit; and, 

4 i2) storing the decrypted fourth super-root key within approximately the same first 

5 storage area of the same memory circuit. 



1 Claim 15. {Previously Presented) A system for transferring a secure root key between a 

2 key provider system and a second other system via an information network that is other than 

3 secure comprising a secure module in operative communication with the second other system, 

4 the secure module including: 

5 an encryption processor; 

6 an input port for receiving encrypted electronic data from outside the module and for 

7 providing the encrypted electronic data to the encryption processor; 

8 a memory circuit in operative communication with the encryption processor for storing at 

9 least a first super-root key; 

7 
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memory storage having program code stored therein and executable on the encryption 



1 1 processor for, upon receipt of an encrypted secure root key, decrypting the encrypted secure root 

12 key using the at least a first super-root key and for storing the decrypted secure root key within 

13 the memory circuit, the at least a first super-root key being other than accessible by any code 

14 other than the program code and being other than modifiable thereby, wherein the secure root 

15 key is useable for at least one of encrypting and decrypting private keys, and wherein a bit length 

16 of the first super-root key is greater than a bit length of the secure root key, and said bit length of 

17 the secure root key is greater than a bit length of any of said private keys. 

1 Claim 16. {Previously Presented) The system according to claim 15 wherein the code 

2 executable on the encryption processor accesses the at least a first super-root key only in 

3 response to a request from a corresponding secure module. 

1 Claim 17. {Original) The system according to claim 16 wherein the code executable on 

2 the encryption processor is only for performing encryption functions the results of which are 

3 inaccessible outside of the module. 

1 Claim 18. {Previously Presented) The system according to claim 17 wherein the memory 

2 circuit for storing the at least a first super-root key is a read-only memory circuit. 
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1 Claim 19. {Original) The system according to claim 18 wherein the module is FIPS 140 

2 compliant. 

1 Claim 20. {Previously Presented) The system according to claim 19 wherein the module 

2 includes a tamper detection circuit for erasing the first super-root key in dependence upon a 

3 detected attempt to access the electronic contents of the module in an unauthorized fashion. 

1 Claim 21. {Previously Presented) A system for transferring a secure root key between a 

2 key provider system and a second other system via an information network that is other than 

3 secure comprising a secure module in operative communication with the second other system, 

4 the secure module including: 

5 an encryption processor; 

6 an input port for receiving encrypted electronic data from outside the module and for 

7 providing the encrypted electronic data to the encryption processor; 

8 a memory circuit in operative communication with the encryption processor for storing a 

9 first super-root key within a first memory location thereof and for storing a second super-root 

10 key within a second other memory location thereof; 

11 memory storage having program code stored therein and executable on the encryption 

12 processor for, upon receipt of an encrypted third super-root key from the second other system, 
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13 decrypting the encrypted third super-root key using one of the first and second super-root keys 

14 and for storing the decrypted third super-root key at a memory location corresponding to the 

15 other one of the first and second super-root keys, the first and second super-root keys being 

16 accessible only by the program code and being modifiable only by the program code for all 

17 modifications excluding erasure, wherein the secure root key is useable for at least one of 

18 encrypting and decrypting private keys, and wherein a bit length of the first super-root key is 

19 greater than a bit length of the secure root key, and said bit length of the secure root key is 

20 greater than a bit length of any of said private keys. 



1 Claim 22. {Original) The system according to claim 21 wherein the code executable on 

2 the encryption processor accesses the first and second super-root keys only in response to a 

3 request from a corresponding secure module. 

1 Claim 23. {Original) The system according to claim 22 wherein the code executable on 

2 the encryption processor is only for performing encryption functions the results of which are 

3 inaccessible outside of the module. 



1 Claim 24. {Previously Presented) The system according to claim 23 wherein the memory 

2 circuit for storing the first and second super-root keys is a substantially non-volatile 

3 reprogrammable memory circuit. 
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Claim 25. {Previously Presented) The system according to claim 24 wherein the 
substantially non-volatile reprogrammable memory circuit is one of an electrically erasable 
programmable read-only memory (EEPROM) circuit and a random access memory (RAM) 
circuit having an on-board power supply in the form of a battery. 

Claim 26. {Original) The system according to claim 25 wherein the module is FIPS 140 
compliant. 

Claim 27. {Original) The system according to claim 26 wherein the module includes a 
tamper detection circuit for erasing every cryptographic key stored within the memory circuit in 
dependence upon a detected attempt to access the electronic contents of the module in an 
unauthorized fashion. 

Claim 28. {New) The method according to claim 1 wherein the bit length of the first 
super-root key is between about 2048 bits and about 4096 bits, the bit length of the first root key 
is between about 512 bits and about 2048 bits, and the bit length of any of said private keys is 
between about 128 bits and about 1024 bits. 
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1 Claim 29. (New) The method according to claim 10 wherein the bit length of the first 

2 super-root key is between about 2048 bits and about 4096 bits, the bit length of the first root key 

3 is between about 512 bits and about 2048 bits, and the bit length of any of said private keys is 

4 between about 128 bits and about 1024 bits. 

1 Claim 30. (New) The system according to claim 15 wherein the bit length of the first 

2 super-root key is between about 2048 bits and about 4096 bits, the bit length of the first root key 

3 is between about 512 bits and about 2048 bits, and the bit length of any of said private keys is 

4 between about 128 bits and about 1024 bits. 

1 Claim 31. (New) The system according to claim 21 wherein the bit length of the first 

2 super-root key is between about 2048 bits and about 4096 bits, the bit length of the first root key 

3 is between about 512 bits and about 2048 bits, and the bit length of any of said private keys is 

4 between about 128 bits and about 1024 bits. 
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